[UNIX] Vulnerability in New User Creation in Geeklog

From: support@securiteam.com
To: list@securiteam.com
Date: Tue, 15 Jan 2002 22:57:36 +0100 (CET)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

  Vulnerability in New User Creation in Geeklog
------------------------------------------------------------------------

SUMMARY

Geeklog (http://www.geeklog.org/) is a popular weblog application. It allows you to
create your own virtual community area, complete with user administration,
story posting, messaging, and other features. By default, any user added
during the installation procedure is granted elevated privileges through
membership in the GroupAdmin and UserAdmin groups.

DETAILS

Vulnerable systems:
Geeklog version 1.3

When the first new user is created on a fresh installation of Geeklog,
that regular user is assigned to the GroupAdmin group and, as a
consequence, is also a member of the UserAdmin group. This is a major
issue: if the website were rolled out to the public, the first member of
the public to register would hold administrator rights, giving that user
control over Geeklog and, by extension, the entire website.

Fix:
Per Geeklog's website: if you have already installed a fresh copy of
Geeklog 1.3, you need to edit the user with a uid of 13. To find that user,
run "SELECT username FROM users WHERE uid = 13" in your favorite MySQL
client. Then, in the admin/users.php page, edit that user and uncheck both
the GroupAdmin group AND the UserAdmin group, making sure to leave the
Normal User and Logged-in User boxes checked.
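The manual fix above only covers uid 13; an operator who wants to verify that no other self-registered account picked up the admin groups needs an audit. The following is an added example (not from the advisory or the Geeklog project) that runs such a check and then applies the advisory's fix against a constructed, simplified stand-in for the user/group tables; the table and column names (users, groups, group_assignments, grp_id, grp_name) are assumptions for the example, not Geeklog 1.3's real schema.

```python
import sqlite3

# Constructed stand-in for Geeklog's user/group tables. Table and column
# names are assumptions for this example, not Geeklog 1.3's real schema.
SCHEMA = """
CREATE TABLE users (uid INTEGER PRIMARY KEY, username TEXT NOT NULL);
CREATE TABLE groups (grp_id INTEGER PRIMARY KEY, grp_name TEXT NOT NULL);
CREATE TABLE group_assignments (uid INTEGER NOT NULL, grp_id INTEGER NOT NULL);
INSERT INTO groups VALUES (1,'Normal User'),(2,'Logged-in User'),
                          (3,'GroupAdmin'),(4,'UserAdmin');
INSERT INTO users VALUES (2,'Admin'),(13,'firstvisitor'),(14,'secondvisitor');
-- uid 13 reproduces the advisory: a self-registered user in both admin groups
INSERT INTO group_assignments VALUES (2,1),(2,2),(2,3),(2,4),
                                     (13,1),(13,2),(13,3),(13,4),
                                     (14,1),(14,2);
"""
PRIVILEGED_GROUPS = ("GroupAdmin", "UserAdmin")

def open_sample_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def privileged_memberships(conn):
    """Every (uid, username, group) row where the group is GroupAdmin or UserAdmin."""
    return conn.execute(
        "SELECT u.uid, u.username, g.grp_name FROM users u "
        "JOIN group_assignments ga ON ga.uid = u.uid "
        "JOIN groups g ON g.grp_id = ga.grp_id "
        "WHERE g.grp_name IN (?, ?) ORDER BY u.uid, g.grp_name",
        PRIVILEGED_GROUPS).fetchall()

def unexpected_admins(conn, expected_admin_uids):
    """Post-install check: privileged memberships held by any account outside
    the set the site operator intends to be administrators."""
    return [r for r in privileged_memberships(conn) if r[0] not in expected_admin_uids]

def revoke_privileged_groups(conn, uid):
    """The advisory's fix for one account: remove only GroupAdmin and
    UserAdmin, leaving Normal User / Logged-in User membership untouched."""
    cur = conn.execute(
        "DELETE FROM group_assignments WHERE uid = ? AND grp_id IN "
        "(SELECT grp_id FROM groups WHERE grp_name IN (?, ?))",
        (uid, *PRIVILEGED_GROUPS))
    conn.commit()
    return cur.rowcount  # number of privileged memberships removed

def group_names(conn, uid):
    """Sorted group names still held by uid (used to confirm nothing else was dropped)."""
    rows = conn.execute(
        "SELECT g.grp_name FROM group_assignments ga JOIN groups g "
        "ON g.grp_id = ga.grp_id WHERE ga.uid = ? ORDER BY g.grp_name", (uid,))
    return [r[0] for r in rows.fetchall()]

if __name__ == "__main__":
    db = open_sample_db()
    print("before fix:", unexpected_admins(db, {2}))
    revoke_privileged_groups(db, 13)
    print("after fix:", unexpected_admins(db, {2}), group_names(db, 13))
```

Against a real installation the same two queries would be run through the site's MySQL client with the actual table names and prefix, and the expected-admin set would be the uid(s) created by the installer rather than the constructed uid 2.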

ADDITIONAL INFORMATION

The information has been provided by Woody Hughes (woody@thewoodman.org).
